_{English · 中文 · Español · 日本語 · Português}

DCP-AI — Digital Citizenship Protocol for AI Agents

A Portable Accountability Layer for AI Agents on Open Networks

What is DCP?

The Digital Citizenship Protocol (DCP) defines a portable accountability layer for AI agents, allowing any verifier to evaluate:

Who is responsible for an agent (Responsible Principal binding),
What the agent declared it intended to do (Intent Declaration),
What policy outcome was applied (Policy Decision),
What verifiable evidence was produced (Audit Trail),
How agents are managed throughout their lifecycle (Lifecycle Management),
What happens when agents transition or are decommissioned (Digital Succession),
How conflicts are resolved between agents and principals (Dispute Resolution),
What rights and obligations govern agent behavior (Rights Framework), and
How authority is delegated from humans to agents (Personal Representation).

All artifacts are cryptographically signed, hash-chained, and independently verifiable — without requiring a central authority.

This protocol was co-created by a human and an AI agent — designed for the collaboration it seeks to govern.

Architecture

DCP is organized into three conceptual layers:

DCP Core

The minimum interoperable protocol that every implementation must support. Core defines the artifacts, their relationships, and the verification model:

Responsible Principal Binding — links every agent to a human or legal entity that assumes accountability
Agent Passport — the agent's portable identity, capabilities, and key material
Intent Declaration — structured declaration of what the agent intends to do, before it acts
Policy Outcome — the authorization decision applied to an intent
Action Evidence — hash-chained, tamper-evident audit entries with Merkle proofs
Bundle Manifest — the portable package that binds all artifacts together for verification

See spec/core/ for the core specification.

Profiles

Extensions and specializations that build on top of the core but are not required for basic interoperability:

Crypto Profile — algorithm selection, hybrid post-quantum signatures, crypto-agility, verifier policy (spec/profiles/crypto/)
Agent-to-Agent (A2A) Profile — discovery, handshake, session management, transport bindings (spec/profiles/a2a/)
Governance Profile — risk tiers, jurisdiction attestation, revocation, key recovery, governance ceremonies (spec/profiles/governance/)

Services

Operational infrastructure that supports the protocol but is not part of the normative core:

Verification servers, anchoring services, transparency logs, revocation registries
These are deployment choices, not protocol requirements

Protocol Specifications

Spec	Title	Description
DCP-01	Identity & Human Binding	Agent identity, operator attestation, key binding
DCP-02	Intent Declaration & Policy Gating	Declared intents, security tier enforcement, policy evaluation
DCP-03	Audit Chain & Transparency	Hash-chained audit entries, Merkle proofs, transparency logs
DCP-04	Agent-to-Agent Communication	Authenticated inter-agent messaging, delegation, trust chains
DCP-05	Agent Lifecycle Management	Commission, monitor, decline, and decommission agents with state machine enforcement
DCP-06	Digital Succession & Inheritance	Digital testaments, memory transfer, successor designation
DCP-07	Conflict Resolution & Dispute Arbitration	Disputes, escalation levels, arbitration, jurisprudence
DCP-08	Rights & Obligations Framework	Rights declarations, obligation records, violation reporting
DCP-09	Personal Representation & Delegation	Delegation mandates, awareness thresholds, principal mirrors
DCP-AI v2.0	Post-Quantum Normative Specification	Complete v2.0 spec with hybrid PQ crypto, 4-tier security model

Quick Start

Option A: CLI Wizard (recommended)

npx @dcp-ai/cli init

The interactive wizard (@dcp-ai/cli) walks you through identity creation, key generation, intent declaration, and bundle signing.

A lower-level reference CLI is also available as dcp (from the root dcp-ai package) for scripting and CI/CD pipelines:

npx dcp-ai verify my-bundle.signed.json

Option B: SDK directly

npm install @dcp-ai/sdk

import { BundleBuilder, KeyManager } from '@dcp-ai/sdk';

const keys = await KeyManager.generate({ algorithm: 'hybrid' });
const bundle = await new BundleBuilder()
  .setIdentity({ name: 'my-agent', operator: 'org:example' })
  .addIntent({ action: 'query', resource: 'public-api', tier: 'routine' })
  .sign(keys)
  .build();

Security Tiers

Tier	Verification Mode	Use Case
Routine	Self-declared identity	Public data reads, informational queries
Standard	Operator-attested identity + Ed25519 signature	API access, standard agent operations
Elevated	Multi-party attestation + hybrid PQ signatures	Financial transactions, PII access, cross-org delegation
Maximum	Hardware-bound keys + full PQ suite + anchored audit	Government systems, critical infrastructure, regulated industries

Ecosystem

graph TB
  subgraph sdks["SDKs (5 languages)"]
    TS["TypeScript SDK"]
    PY["Python SDK"]
    GO["Go SDK"]
    RS["Rust SDK"]
    WA["WASM Module"]
  end

  subgraph integrations["Integrations (11)"]
    EX["Express Middleware"]
    FA["FastAPI Middleware"]
    LC["LangChain"]
    OA["OpenAI"]
    CR["CrewAI"]
    AGNO["Agno (agno-dcp)"]
    OC["OpenClaw Plugin"]
    W3C["W3C DID/VC Bridge"]
    A2A["Google A2A Bridge"]
    MCP["Anthropic MCP Bridge"]
    AG["AutoGen Bridge"]
  end

  subgraph tools["Tooling"]
    CLI["CLI Wizard"]
    PG["Playground"]
    TPL["Templates"]
  end

  subgraph services["Infrastructure Services"]
    VER["Verification Server"]
    ANC["Anchoring Service"]
    TL["Transparency Log"]
    REV["Revocation Service"]
  end

  subgraph infra["Deployment"]
    SOL["Smart Contract L2"]
    GH["GitHub Actions"]
    DK["Docker Compose"]
  end

  TS --> EX
  TS --> OC
  TS --> W3C
  TS --> A2A
  TS --> MCP
  TS --> AG
  PY --> FA
  PY --> LC
  PY --> OA
  PY --> CR
  RS --> WA

  CLI --> TS
  PG --> WA
  TPL --> LC
  TPL --> CR
  TPL --> OA
  TPL --> EX

  EX --> VER
  FA --> VER
  VER --> ANC
  VER --> TL
  VER --> REV
  ANC --> SOL
  DK --> VER
  DK --> ANC
  DK --> TL
  DK --> REV
  GH --> VER

SDKs

Create, sign, and verify Citizenship Bundles in your preferred language. All SDKs support DCP v2.0 and post-quantum hybrid cryptography.

SDK	Package	Features	Docs
TypeScript	`@dcp-ai/sdk`	BundleBuilder, hybrid PQ crypto, JSON Schema validation, Vitest	sdks/typescript/
Python	`dcp-ai`	Pydantic v2 models, CLI (Typer), PQ extras, optional plugins	sdks/python/
Go	`github.com/dcp-ai-protocol/dcp-ai/sdks/go/v2`	Native types, hybrid signatures, full verification pipeline	sdks/go/
Rust	`dcp-ai`	serde, ed25519-dalek + pqcrypto, optional WASM feature	sdks/rust/
WASM	`@dcp-ai/wasm`	Browser verification, PQ crypto in WebAssembly, compiled from Rust	sdks/wasm/

Framework Integrations

Drop-in DCP governance for popular AI and web frameworks.

Integration	Pattern	Docs
Express	`dcpVerify()` middleware, `req.dcpAgent`	integrations/express/
FastAPI	`DCPVerifyMiddleware`, `Depends(require_dcp)`	integrations/fastapi/
LangChain	`DCPAgentWrapper`, `DCPTool`, `DCPCallback`	integrations/langchain/
OpenAI	`DCPOpenAIClient`, `DCP_TOOLS` function calling	integrations/openai/
CrewAI	`DCPCrewAgent`, `DCPCrew` multi-agent governance	integrations/crewai/
Agno	`DCPAgent`, `DCPTeam`, `DCPWorkflow` wrappers (separate package)	agno-dcp repo
OpenClaw	Plugin + SKILL.md, 6 agent tools	integrations/openclaw/
W3C DID/VC	DID Document ↔ DCP identity bridge, VC issuance	integrations/w3c-did/
Google A2A	A2A Agent Card ↔ DCP identity, task governance	integrations/google-a2a/
Anthropic MCP	MCP Tool ↔ DCP intent mapping, server middleware	integrations/anthropic-mcp/
AutoGen	AutoGen Agent ↔ DCP wrapper, group chat governance	integrations/autogen/

Templates

Ready-to-use project templates for common frameworks. Each template includes DCP identity, intent policies, and audit logging pre-configured.

Template	Description	Command
LangChain	RAG agent with DCP governance	`npx @dcp-ai/cli init --template langchain`
CrewAI	Multi-agent crew with per-agent DCP identities	`npx @dcp-ai/cli init --template crewai`
OpenAI	Function-calling agent with DCP tool governance	`npx @dcp-ai/cli init --template openai`
Express	API server with DCP verification middleware	`npx @dcp-ai/cli init --template express`

See templates/ for full source.

Playground

An interactive web-based playground for exploring DCP concepts — create identities, declare intents, sign bundles, and verify signatures directly in the browser using the WASM SDK.

# Open in browser
open playground/index.html

See playground/ for details.

Infrastructure Services

Backend services for anchoring, transparency, and revocation. These are operational components — not part of the normative core protocol.

Service	Port	Description	Docs
Verification	3000	HTTP API for verifying Signed Bundles	server/
Anchoring	3001	Anchor bundle hashes to L2 blockchains	services/anchor/
Transparency Log	3002	CT-style Merkle log with inclusion proofs	services/transparency-log/
Revocation	3003	Agent revocation registry + `.well-known`	services/revocation/

Deploy all services with one command:

cd docker && docker compose up -d

Documentation

Normative Specifications

Document	Description
DCP-01	Identity & Human Binding
DCP-02	Intent Declaration & Policy Gating
DCP-03	Audit Chain & Transparency
DCP-04	Agent-to-Agent Communication
DCP-05	Agent Lifecycle Management
DCP-06	Digital Succession & Inheritance
DCP-07	Conflict Resolution & Dispute Arbitration
DCP-08	Rights & Obligations Framework
DCP-09	Personal Representation & Delegation
DCP-AI v2.0	Post-Quantum Normative Specification
BUNDLE	Citizenship Bundle format
VERIFICATION	Verification procedures & checklist
DCP Core	Core protocol editorial specification

Getting Started

Guide	Description
QUICKSTART	General quick start guide
QUICKSTART_LANGCHAIN	LangChain integration walkthrough
QUICKSTART_CREWAI	CrewAI multi-agent setup
QUICKSTART_OPENAI	OpenAI function-calling integration
QUICKSTART_EXPRESS	Express middleware setup

API Reference

Document	Description
OpenAPI Spec	REST API (OpenAPI 3.1)
Protocol Buffers	gRPC service definitions
API README	API overview and usage

Architecture & Security

Document	Description
TECHNICAL_ARCHITECTURE	System architecture for global-scale deployment
SECURITY_MODEL	Threat model, attack vectors, protection layers
STORAGE_AND_ANCHORING	P2P storage, optional blockchain anchoring

Guides

Guide	Description
AGENT_CREATION_AND_CERTIFICATION	P2P agent creation flow, DCP certification
OPERATOR_GUIDE	Running a verification service
MIGRATION_V1_V2	Migrating from DCP v1.0 to v2.0

Standards Alignment

Document	Description
NIST_CONFORMITY	NIST post-quantum cryptography conformance
ROADMAP	Project evolution roadmap

Community

Document	Description
EARLY_ADOPTERS	Early adopter program and case studies
CONTRIBUTING	Contribution guidelines
GOVERNANCE	Project governance model

Vision

Document	Description
GENESIS_PAPER	Founding whitepaper

Cryptographic Algorithms

DCP v2.0 employs a hybrid cryptographic architecture for quantum-resistant security. Algorithm selection and crypto-agility are governed by the Crypto Profile.

Algorithm	Standard	Purpose
Ed25519	RFC 8032	Classical digital signatures
ML-DSA-65	FIPS 204	Post-quantum digital signatures (Dilithium)
ML-KEM-768	FIPS 203	Post-quantum key encapsulation mechanism (Kyber)
SLH-DSA-192f	FIPS 205	Hash-based backup signatures (SPHINCS+)
X25519 + ML-KEM-768	Hybrid	Combined classical + PQ key exchange
SHA-256 + SHA3-256	FIPS 180-4 / FIPS 202	Dual hash chains for audit integrity

Repository Layout

dcp-ai-genesis/
├── spec/                    # Normative specifications (DCP-01 through DCP-09, v2.0)
│   ├── core/                # DCP Core editorial specification
│   └── profiles/            # Profile specifications (crypto, a2a, governance)
├── schemas/                 # JSON Schemas (draft 2020-12, v2 includes DCP-05–09)
├── tools/                   # Validation, conformance, crypto + Merkle helpers
├── tests/                   # Conformance tests and fixtures
├── bin/dcp.js               # Reference CLI
├── cli/                     # Interactive CLI wizard (@dcp-ai/cli)
├── sdks/
│   ├── typescript/          # TypeScript SDK (@dcp-ai/sdk)
│   ├── python/              # Python SDK (dcp-ai)
│   ├── go/                  # Go SDK
│   ├── rust/                # Rust SDK (dcp-ai)
│   └── wasm/                # WASM module (@dcp-ai/wasm)
├── integrations/
│   ├── express/             # Express middleware
│   ├── fastapi/             # FastAPI middleware
│   ├── langchain/           # LangChain integration
│   ├── openai/              # OpenAI integration
│   ├── crewai/              # CrewAI integration
│   ├── openclaw/            # OpenClaw plugin
│   ├── w3c-did/             # W3C DID/VC bridge
│   ├── google-a2a/          # Google A2A bridge
│   ├── anthropic-mcp/       # Anthropic MCP bridge
│   └── autogen/             # Microsoft AutoGen bridge
├── templates/               # Framework templates (langchain, crewai, openai, express)
├── playground/              # Web-based interactive playground
├── server/                  # Reference verification server
├── services/
│   ├── anchor/              # Blockchain anchoring service
│   ├── transparency-log/    # CT-style Merkle transparency log
│   └── revocation/          # Agent revocation registry
├── contracts/ethereum/      # DCPAnchor.sol for EVM L2
├── docker/                  # Docker Compose + multi-stage Dockerfile
├── api/                     # OpenAPI 3.1 + Protocol Buffers (gRPC)
├── docs/                    # All documentation
└── .github/                 # CI/CD workflows + reusable GitHub Actions

Development

# Install dependencies
npm install

# Run tests
npm test

# Run protocol conformance suite
npm run conformance

# Start verification server (port 3000)
npm run server

Contributing

We welcome contributions from both humans and AI agents.

Read the Contributing Guide for development workflow and standards.
See Governance for decision-making processes and roles.

Citation

If you use DCP-AI in your research, please cite both the paper (the conceptual framework) and the software release (the specific implementation you used).

Paper

Naranjo Emparanza, D. (2026). Agents Don't Need a Better Brain — They Need a World: Toward a Digital Citizenship Protocol for Autonomous AI Systems. Zenodo. https://doi.org/10.5281/zenodo.19040913

Software (v2.0.2)

Naranjo Emparanza, D. (2026). DCP-AI v2.0.2 — Digital Citizenship Protocol for AI Agents (Reference Implementation). Zenodo. https://doi.org/10.5281/zenodo.19656026

See CITATION.cff for a machine-readable format.

License

Apache-2.0

"This protocol was co-created by a human and an AI agent — the first protocol designed for AI digital citizenship, built by the very collaboration it seeks to govern."